7.4 Ensure data exchanged between containers on different nodes on the overlay network is encrypted

Information

Encrypt data exchanged between containers on different nodes on the overlay network.
Rationale:
By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could expose traffic between the container nodes to anyone able to observe the underlying network.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create the overlay network with the --opt encrypted flag.
Impact:
None
Default Value:
By default, data exchanged between containers on different nodes on the overlay network is not encrypted in Docker swarm mode.
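The following script is an added example and is not part of the Tenable audit page or the CIS benchmark text. It shows the remediation (creating an overlay network with --opt encrypted) next to an audit helper that checks the output of docker network inspect for the encrypted option, which is what the CIS audit procedure for this item inspects. It assumes a Docker host in swarm mode; the network name "app-net" and the SAMPLE_* lines are constructed so that the check logic can be exercised without a running daemon.

```shell
#!/bin/sh
# Added example (not the Tenable/CIS page's own code).
# Remediation and audit for CIS Docker 7.4: overlay network encryption.
# Assumes Docker swarm mode; network names and sample lines are constructed.

# Remediation: create an overlay network with IPsec encryption between nodes.
# The "encrypted" option cannot be added to an existing network, so a network
# created without it must be recreated.
create_encrypted_overlay() {
    docker network create --driver overlay --opt encrypted "$1"
}

# Audit helper: takes one line in the form produced by
#   docker network inspect --format '{{.Name}} {{.Options}}' <network>
# e.g. "app-net map[encrypted:]" (Go prints a map as map[key:value ...]).
# Prints PASS/FAIL with the network name; returns 0 if encrypted, 1 otherwise.
check_overlay_line() {
    name=${1%% *}
    case "$1" in
        *'map[encrypted:'*|*' encrypted:'*)
            echo "PASS $name"
            return 0 ;;
        *)
            echo "FAIL $name (missing --opt encrypted)"
            return 1 ;;
    esac
}

# Live audit: walk every overlay network on this daemon, as the CIS audit does,
# and report each one. Returns non-zero if any overlay network is unencrypted.
audit_overlay_networks() {
    failures=0
    for id in $(docker network ls --filter driver=overlay --quiet); do
        line=$(docker network inspect --format '{{.Name}} {{.Options}}' "$id")
        check_overlay_line "$line" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample inspect lines (not captured from a real host):
SAMPLE_OK='app-net map[encrypted:]'
SAMPLE_MTU_OK='backend map[com.docker.network.driver.mtu:1450 encrypted:]'
SAMPLE_BAD='legacy-net map[]'

# Offline demonstration of the check against the constructed samples.
for sample in "$SAMPLE_OK" "$SAMPLE_MTU_OK" "$SAMPLE_BAD"; do
    check_overlay_line "$sample" || true
done
# On a swarm manager, run:  audit_overlay_networks
# To remediate a failing network: remove it and run  create_encrypted_overlay <name>
```

The --opt encrypted flag enables IPsec encryption of the VXLAN traffic between swarm nodes; traffic between containers on the same node never leaves the host and is not affected. Because the option is fixed at creation time, the audit looks only at the network's Options map, and a FAIL means the network has to be removed and recreated with the flag rather than modified in place.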

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13, CSCv6|14.2

Plugin: Unix

Control ID: 45fabba63d23773ccaa805220d384a53361c81c6662ec2262c2df65c0f35677d